@agentikos/omega-os 0.19.12 → 0.19.14

package/bootstrap/lib/steps.sh

@@ -865,37 +865,55 @@ _claude_plugins_prompt_checklist() {
 
 # --- 50 -----------------------------------------------------------------------
 step_telegram() {
-  local token chat_id
-  ask token "Telegram bot token (from @BotFather)" "${TELEGRAM_TOKEN:-}"
-  if [ -z "$token" ]; then
-    err "a Telegram bot token is required (or install with --profile minimal)"
+  # Two distinct bots in the corrected v0.19.14 model:
+  #   * AISB bot (token A)   — REQUIRED. Runs missions on Max OAuth.
+  #   * Hermès bot (token H) — OPTIONAL. Meta-companion on Anthropic API.
+  # And one optional API key (ANTHROPIC_API_KEY_HERMES) gating Hermès AI.
+  # Old `TELEGRAM_TOKEN` is treated as the AISB token (back-compat).
+  local aisb_token hermes_token anthropic_key chat_id
+
+  # 1. AISB bot — required.
+  info "AISB bot — required. Talks to OmegaOS on Claude Max OAuth."
+  ask aisb_token "AISB Telegram bot token (from @BotFather)" "${TELEGRAM_TOKEN_AISB:-${TELEGRAM_TOKEN:-}}"
+  if [ -z "$aisb_token" ]; then
+    err "an AISB bot token is required (or install with --profile minimal)"
     return 1
   fi
   if have curl; then
-    if ! curl -s "https://api.telegram.org/bot${token}/getMe" | grep -q '"ok":true'; then
-      err "Telegram token rejected by the API"
+    if ! curl -s "https://api.telegram.org/bot${aisb_token}/getMe" | grep -q '"ok":true'; then
+      err "AISB Telegram token rejected by the API"
       return 1
     fi
   fi
+
   local sec="$OMEGA_HOME/Agentik_Extra/etc/secrets"
   mkdir -p "$sec"
-  printf 'TELEGRAM_TOKEN=%s\n' "$token" > "$sec/telegram.env"
+  # Write a single .env file consumed by both daemons; vault still holds
+  # the canonical encrypted copy.
+  {
+    echo "# Generated by OmegaOS install — do not edit by hand."
+    echo "# AISB bot (OmegaOS-native, Claude Max OAuth)"
+    printf 'TELEGRAM_TOKEN_AISB=%s\n' "$aisb_token"
+    printf 'TELEGRAM_TOKEN=%s\n' "$aisb_token"   # back-compat alias
+  } > "$sec/telegram.env"
   chmod 600 "$sec/telegram.env"
-  # Also write the token into the encrypted vault for the new code path.
-  python3 - "$OMEGA_HOME" "$token" <<'PY' || true
+  python3 - "$OMEGA_HOME" "$aisb_token" <<'PY' || true
 import sys
 from pathlib import Path
 home = Path(sys.argv[1])
 sys.path.insert(0, str(home / "Agentik_Engine"))
 try:
     from omega_engine.vault import vault_write
+    # Write under BOTH names so old code paths reading TELEGRAM_TOKEN keep
+    # working without a separate migration step.
+    vault_write(home, "TELEGRAM_TOKEN_AISB", sys.argv[2])
     vault_write(home, "TELEGRAM_TOKEN", sys.argv[2])
 except Exception as exc:
     print(f"(vault write skipped: {exc})")
 PY
-  ok "Telegram bot validated and wired"
+  ok "AISB Telegram bot validated and wired"
 
-  # Capture the forum group chat id — manifest first, then prompt.
+  # 2. AISB group chat id — same as before (scopes missions to a group).
   chat_id="$(python3 - "$MANIFEST" <<'PY' 2>/dev/null || true
 import sys, yaml
 try:
@@ -906,14 +924,11 @@ except Exception:
     print('')
 PY
 )"
-  chat_id="${chat_id//$'\n'/}"
+  chat_id="$(printf '%s' "$chat_id" | tr -d '\n ')"
   if [ -z "$chat_id" ]; then
-    ask chat_id "Telegram forum group chat id (e.g. -1001234567890; blank to set later)" ""
+    ask chat_id "AISB forum group chat id (e.g. -1001234567890; blank to set later)" ""
   fi
   if [ -n "$chat_id" ]; then
-    python3 "$OMEGA_REPO/bootstrap/lib/manifest-helpers.py" telegram-chat-id \
-      "$MANIFEST" "$OMEGA_HOME" 2>/dev/null | sed 's/^/    /' || true
-    # When chat_id came from the prompt (not the manifest), persist directly.
     python3 - "$OMEGA_HOME" "$chat_id" <<'PY' || true
 import sys
 from pathlib import Path
@@ -922,12 +937,59 @@ sys.path.insert(0, str(home / "Agentik_Engine"))
 try:
     from omega_engine.vault import vault_write
     vault_write(home, "TELEGRAM_GROUP_ID", sys.argv[2])
-    print(f"Telegram group_chat_id stored: {sys.argv[2]}")
+    print(f"AISB group chat_id stored: {sys.argv[2]}")
 except Exception as exc:
     print(f"(vault write skipped: {exc})")
 PY
   else
-    info "no Telegram group_chat_id captured — set later with \`omega telegram set-group <id>\`"
+    info "no AISB group_chat_id captured — set later with \`omega telegram set-group <id>\`"
+  fi
+
+  # 3. Hermès bot — OPTIONAL. Skip cleanly if the operator just hits Enter.
+  echo
+  info "Hermès bot — OPTIONAL. Meta-companion on Anthropic API (you pay per call)."
+  info "  Skip both prompts if you don't want Hermès yet — OmegaOS works fully without it."
+  ask hermes_token "Hermès Telegram bot token (blank = skip Hermès)" "${TELEGRAM_TOKEN_HERMES:-}"
+  if [ -n "$hermes_token" ]; then
+    if have curl; then
+      if ! curl -s "https://api.telegram.org/bot${hermes_token}/getMe" | grep -q '"ok":true'; then
+        err "Hermès Telegram token rejected by the API — continuing without Hermès"
+        hermes_token=""
+      fi
+    fi
+  fi
+  if [ -n "$hermes_token" ]; then
+    ask anthropic_key "Anthropic API key for Hermès (sk-ant-...; blank = set later)" \
+        "${ANTHROPIC_API_KEY_HERMES:-${ANTHROPIC_API_KEY:-}}"
+    {
+      echo "# Hermès bot (Layer 2 meta-companion, Anthropic API)"
+      printf 'TELEGRAM_TOKEN_HERMES=%s\n' "$hermes_token"
+    } >> "$sec/telegram.env"
+    if [ -n "$anthropic_key" ]; then
+      printf 'ANTHROPIC_API_KEY_HERMES=%s\n' "$anthropic_key" >> "$sec/telegram.env"
+    fi
+    chmod 600 "$sec/telegram.env"
+    python3 - "$OMEGA_HOME" "$hermes_token" "$anthropic_key" <<'PY' || true
+import sys
+from pathlib import Path
+home = Path(sys.argv[1])
+sys.path.insert(0, str(home / "Agentik_Engine"))
+try:
+    from omega_engine.vault import vault_write
+    vault_write(home, "TELEGRAM_TOKEN_HERMES", sys.argv[2])
+    if sys.argv[3]:
+        vault_write(home, "ANTHROPIC_API_KEY_HERMES", sys.argv[3])
+except Exception as exc:
+    print(f"(vault write skipped: {exc})")
+PY
+    if [ -n "$anthropic_key" ]; then
+      ok "Hermès Telegram bot + Anthropic key wired"
+    else
+      info "Hermès Telegram bot wired (no Anthropic key yet — set with"
+      info "  omega vault write ANTHROPIC_API_KEY_HERMES <sk-ant-...>)"
+    fi
+  else
+    info "Hermès skipped — wire later with \`omega telegram setup-hermes\`"
   fi
   return 0
 }

package/omega/Agentik_Engine/omega_engine/__init__.py

@@ -188,7 +188,7 @@ from omega_engine.genesis import (
 )
 from omega_engine import plan as plan_v7
 
-__version__ = "0.19.12"
+__version__ = "0.19.14"
 
 __all__ = [
     "__version__",

package/omega/Agentik_Engine/omega_engine/aisb_chat.py

@@ -60,6 +60,49 @@ def _clear_history(home: Path) -> int:
         conn.close()
 
 
+def chat_once(home: Path, text: str, *,
+              topic_id: int = None,
+              record_history: bool = True) -> str:
+    """Run ONE conversation turn against the AISB envelope and return the
+    reply. Stateless from the caller's POV — history is persisted via
+    ``telegram_history`` keyed on ``topic_id`` (a single global default
+    for the tmux REPL; chat_id for Telegram DMs to keep per-user threads).
+
+    Extracted so the Telegram DM path can talk to the same agent the
+    tmux REPL talks to, without duplicating env+envelope+provider plumbing.
+    """
+    import time
+    from omega_engine.envelope import EnvelopeContext, build_envelope
+    from omega_engine.provider import AgentRequest
+    from omega_engine.router import ModelRouter
+    from omega_engine.telegram_history import (
+        build_context_prompt, record_inbound, record_outbound,
+    )
+    if topic_id is None:
+        topic_id = CHAT_TOPIC
+    if record_history:
+        record_inbound(home, topic_id=topic_id, text=text)
+    enriched = build_context_prompt(
+        home, topic_id=topic_id, new_intent=text, limit=10,
+    )
+    ctx = EnvelopeContext(
+        role="aisb",
+        intent=enriched,
+        task_id=f"chat-{int(time.time())}",
+    )
+    env = build_envelope(home, ctx)
+    router = ModelRouter.auto()
+    provider = router.resolve("aisb")
+    result = provider.run(AgentRequest(
+        role="aisb", prompt=env["user"], context={},
+        system=env["system"],
+    ))
+    reply = (result.text or "").strip() or "(empty reply)"
+    if record_history:
+        record_outbound(home, topic_id=topic_id, text=reply)
+    return reply
+
+
 def run_chat_loop() -> int:
     """Block until /quit. Returns 0 on clean exit."""
     home = _omega_home()

package/omega/Agentik_Engine/omega_engine/daemons/telegram.py

@@ -153,33 +153,46 @@ def _route_one(
     """
     from omega_engine import telegram_history
 
-    # DM (no topic) — log it, refuse to start a mission. AISB DM
-    # is NOT where the orchestration runs; it's where the operator
-    # talks to the bot 1:1. The mission must run inside a project topic.
+    # DM (no topic) — route to the AISB conversational agent (same one
+    # the tmux REPL talks to). This used to refuse with "Missions only
+    # run from a project topic" which broke the most basic UX (a fresh
+    # install has no group topic yet, so the bot was effectively dead).
+    #
+    # Per-chat conversation history is namespaced by chat_id (encoded
+    # as a negative topic_id to avoid collisions with real Telegram
+    # forum topics, which are always positive small integers).
     if topic_id is None:
-        # We still record DM history so the operator's question + the
-        # bot's eventual reply (handled elsewhere) are linked.
+        dm_topic = -abs(int(chat_id)) if chat_id is not None else 0
         telegram_history.record_inbound(
-            home, topic_id=0, text=text, message_id=message_id,
+            home, topic_id=dm_topic, text=text, message_id=message_id,
         )
         logger.info(
-            "telegram in: DM (chat=%s) text=%r — refusing to start a "
-            "mission from the DM; ask in a project topic instead",
+            "telegram in: DM (chat=%s) text=%r — routing to AISB chat",
             chat_id, text[:80],
         )
+        try:
+            from omega_engine.aisb_chat import chat_once
+            reply = chat_once(home, text, topic_id=dm_topic,
+                              record_history=False)
+        except Exception as exc:  # noqa: BLE001
+            logger.warning("telegram DM: chat_once failed",
+                           exc_info=True)
+            reply = (
+                f"I hit an error talking to the AISB agent: {exc}\n"
+                "Check `omega doctor` for provider/account status."
+            )
+        telegram_history.record_outbound(
+            home, topic_id=dm_topic, text=reply,
+        )
         if telegram_bridge is not None and chat_id is not None:
             try:
                 telegram_bridge._call("sendMessage", {  # noqa: SLF001
                     "chat_id": str(chat_id),
-                    "text": (
-                        "Missions only run from a project topic in the "
-                        "OmegaOS group — not the DM. Open the topic for "
-                        "the project and re-send your request there."
-                    ),
+                    "text": reply[:3900],
                 })
             except Exception:  # noqa: BLE001
                 logger.warning("telegram daemon: DM reply failed", exc_info=True)
-        return "dm:refused"
+        return "dm:aisb-chat"
 
     # Topic message — record + route.
     telegram_history.record_inbound(

package/omega/Agentik_Engine/omega_engine/genesis/stack.py

@@ -176,6 +176,35 @@ def _backend_supabase_stack() -> Stack:
     )
 
 
+def _claude_dashboard_stack() -> Stack:
+    """The Claude Code-grade premium dashboard stack.
+
+    Picks up the architecture contract from
+    ``Agentik_SSOT/docs/references/CLAUDE-DESKTOP-FRONTEND-ARCHITECTURE.md``
+    during PRD + branding + design-system phases. Worker prompts include
+    the `/desktop-architecture` skill so every generated component traces
+    back to the same reference doc.
+    """
+    return Stack(
+        id="claude-dashboard",
+        title="Claude-grade premium dashboard (Next.js + Convex + shadcn + Motion + references doc)",
+        config=StackConfig(
+            type="web",
+            frontend="nextjs",
+            backend="convex",
+            deploy="vercel",
+            payments="stripe",
+            ui_kit="shadcn",
+            auth="clerk",
+            extras=["desktop-architecture-reference"],
+        ),
+        why="When the operator wants the Claude / Linear / Vercel / Stripe / "
+            "Elevenlabs dashboard look. Genesis phases pull from "
+            "Agentik_SSOT/docs/references/CLAUDE-DESKTOP-FRONTEND-ARCHITECTURE.md "
+            "as the single source of design truth.",
+    )
+
+
 CANONICAL_STACKS: dict[str, Stack] = {
     s.id: s for s in (
         default_stack(),
@@ -183,6 +212,7 @@ CANONICAL_STACKS: dict[str, Stack] = {
         _mobile_cross_stack(),
         _desktop_tauri_stack(),
         _backend_supabase_stack(),
+        _claude_dashboard_stack(),
     )
 }
 

package/omega/Agentik_Engine/omega_engine/hermes.py

@@ -248,19 +248,45 @@ def build_env(
     *,
     extra: dict[str, str] | None = None,
     creds_path: str | Path | None = None,
+    omega_home: str | Path | None = None,
 ) -> dict[str, str]:
     """Build the env dict for every Hermes invocation.
 
-    Injects ``CLAUDE_CODE_OAUTH_TOKEN`` from the live credentials file +
-    a few sane defaults (``HERMES_PROVIDER=anthropic``,
-    ``HERMES_MODEL=claude-opus-4-7``). Caller env wins via ``extra``.
+    v0.19.14 — Hermès now defaults to its OWN Anthropic API key (budget
+    isolation from the OmegaOS Claude Max OAuth):
+
+      1. ``ANTHROPIC_API_KEY_HERMES`` from the encrypted vault → primary.
+      2. ``ANTHROPIC_API_KEY`` already in the shell env → fallback.
+      3. ``CLAUDE_CODE_OAUTH_TOKEN`` from ``~/.claude/.credentials.json``
+         → LAST RESORT only, with a clear warning that this routes Hermès
+         calls through your Max sub.
+
+    Caller env wins via ``extra``.
     """
-    token = claude_oauth_token(creds_path)
     env = {**os.environ}
-    env["CLAUDE_CODE_OAUTH_TOKEN"] = token
-    # If the operator had stale anthropic env vars set, the OAuth token
-    # takes precedence. We do NOT clear them — operators may have legit
-    # API key setups for other tools.
+    # 1. Vault first.
+    key = ""
+    try:
+        from omega_engine.vault import vault_read
+        from pathlib import Path as _P
+        home = _P(omega_home) if omega_home else _P(
+            os.environ.get("OMEGA_HOME", str(_P.home() / "Omega"))
+        )
+        key = (vault_read(home, "ANTHROPIC_API_KEY_HERMES") or "").strip()
+    except Exception:  # noqa: BLE001
+        key = ""
+    # 2. Shell env fallback.
+    if not key:
+        key = (os.environ.get("ANTHROPIC_API_KEY") or "").strip()
+    # 3. Last-resort OAuth (preserves the old behaviour without making
+    # Hermès depend on it).
+    if not key:
+        try:
+            env["CLAUDE_CODE_OAUTH_TOKEN"] = claude_oauth_token(creds_path)
+        except Exception:  # noqa: BLE001
+            pass
+    if key:
+        env["ANTHROPIC_API_KEY"] = key
     env.setdefault("HERMES_PROVIDER", "anthropic")
     env.setdefault("HERMES_MODEL", "claude-opus-4-7")
     if extra:

package/omega/Agentik_Engine/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "omega-engine"
-version = "0.19.12"
+version = "0.19.14"
 description = "The Omega OS orchestration engine — event-sourced, verified-completion agent graphs."
 readme = "README.md"
 requires-python = ">=3.11"

package/omega/Agentik_Engine/tests/test_hermes_and_ua.py

@@ -95,13 +95,43 @@ class TestClaudeOAuthRead(unittest.TestCase):
 
 
 class TestBuildEnv(unittest.TestCase):
-    def test_env_includes_oauth_token_and_defaults(self):
+    """v0.19.14 — Hermès prefers ANTHROPIC_API_KEY_HERMES from the vault,
+    falls back to ANTHROPIC_API_KEY env, then last-resort to the Max
+    OAuth at ``~/.claude/.credentials.json``."""
+
+    def test_env_uses_anthropic_key_env_when_set(self):
+        with tempfile.TemporaryDirectory() as tmp:
+            p = _fake_creds(Path(tmp) / "c.json", token="tk-Z")
+            old = os.environ.get("ANTHROPIC_API_KEY")
+            os.environ["ANTHROPIC_API_KEY"] = "sk-ant-test"
+            os.environ.pop("OMEGA_HOME", None)
+            try:
+                env = H.build_env(creds_path=p)
+                self.assertEqual(env.get("ANTHROPIC_API_KEY"), "sk-ant-test",
+                    "Hermès must prefer ANTHROPIC_API_KEY over OAuth")
+                # OAuth NOT exposed when an Anthropic key is available.
+                self.assertNotIn("CLAUDE_CODE_OAUTH_TOKEN", env)
+            finally:
+                if old is None:
+                    os.environ.pop("ANTHROPIC_API_KEY", None)
+                else:
+                    os.environ["ANTHROPIC_API_KEY"] = old
+
+    def test_env_falls_back_to_oauth_when_no_anthropic_key(self):
         with tempfile.TemporaryDirectory() as tmp:
             p = _fake_creds(Path(tmp) / "c.json", token="tk-Z")
-            env = H.build_env(creds_path=p)
-            self.assertEqual(env["CLAUDE_CODE_OAUTH_TOKEN"], "tk-Z")
-            self.assertEqual(env["HERMES_PROVIDER"], "anthropic")
-            self.assertEqual(env["HERMES_MODEL"], "claude-opus-4-7")
+            old = os.environ.get("ANTHROPIC_API_KEY")
+            os.environ.pop("ANTHROPIC_API_KEY", None)
+            os.environ["OMEGA_HOME"] = tmp  # no vault key here
+            try:
+                env = H.build_env(creds_path=p)
+                self.assertEqual(env.get("CLAUDE_CODE_OAUTH_TOKEN"), "tk-Z")
+                self.assertEqual(env["HERMES_PROVIDER"], "anthropic")
+                self.assertEqual(env["HERMES_MODEL"], "claude-opus-4-7")
+            finally:
+                os.environ.pop("OMEGA_HOME", None)
+                if old is not None:
+                    os.environ["ANTHROPIC_API_KEY"] = old
 
     def test_env_extra_overrides_default(self):
         with tempfile.TemporaryDirectory() as tmp:
@@ -110,9 +140,27 @@ class TestBuildEnv(unittest.TestCase):
                               extra={"HERMES_MODEL": "claude-sonnet-4-7"})
             self.assertEqual(env["HERMES_MODEL"], "claude-sonnet-4-7")
 
-    def test_env_missing_token_propagates_error(self):
-        with self.assertRaises(H.HermesError):
-            H.build_env(creds_path=Path("/no/such/file"))
+    def test_env_no_creds_no_anthropic_returns_env_without_token(self):
+        """When neither an Anthropic key nor Claude OAuth is available,
+        build_env returns a usable env WITHOUT either token. The caller
+        (or Hermès itself) decides whether to error or skip; build_env
+        no longer raises — that was the v0.18 strict behaviour."""
+        old_anth = os.environ.get("ANTHROPIC_API_KEY")
+        old_home = os.environ.get("OMEGA_HOME")
+        os.environ.pop("ANTHROPIC_API_KEY", None)
+        with tempfile.TemporaryDirectory() as tmp:
+            os.environ["OMEGA_HOME"] = tmp
+            try:
+                env = H.build_env(creds_path=Path("/no/such/file"))
+                self.assertNotIn("ANTHROPIC_API_KEY", env)
+                self.assertNotIn("CLAUDE_CODE_OAUTH_TOKEN", env)
+                self.assertEqual(env["HERMES_PROVIDER"], "anthropic")
+            finally:
+                os.environ.pop("OMEGA_HOME", None)
+                if old_home is not None:
+                    os.environ["OMEGA_HOME"] = old_home
+                if old_anth is not None:
+                    os.environ["ANTHROPIC_API_KEY"] = old_anth
 
 
 # ---------------------------------------------------------------------------

package/omega/Agentik_Engine/tests/test_telegram_history.py

@@ -142,10 +142,15 @@ class TestTopicStats(unittest.TestCase):
             self.assertEqual(by_topic[2]["messages"], 1)
 
 
-class TestDaemonDMRefusal(unittest.TestCase):
-    """The daemon must refuse to start a mission from a DM."""
-    def test_dm_message_is_refused(self):
-        from omega_engine.daemons.telegram import _route_one
+class TestDaemonDMRoutesToAISBChat(unittest.TestCase):
+    """The daemon now routes DMs to the AISB conversational agent
+    (v0.19.13 change). Previously it refused with "project topic only",
+    which made the bot mute on a fresh install with no group yet."""
+
+    def test_dm_message_routes_to_aisb_chat(self):
+        from omega_engine.daemons import telegram as T
+        from omega_engine import aisb_chat
+        from unittest import mock
 
         class _FakeBridge:
             def __init__(self):
@@ -161,22 +166,65 @@ class TestDaemonDMRefusal(unittest.TestCase):
         with tempfile.TemporaryDirectory() as td:
             home = Path(td)
             bridge = _FakeBridge()
-            tag = _route_one(
-                topic_id=None, text="hi from DM",
-                message_id=5, chat_id=12345,
-                supervisor=_FakeSupervisor(),
-                project_map={},
-                home=home,
-                telegram_bridge=bridge,
-            )
-            self.assertEqual(tag, "dm:refused")
-            # We replied to the user with the redirect message.
+            with mock.patch.object(aisb_chat, "chat_once",
+                                   return_value="hello from AISB"):
+                tag = T._route_one(
+                    topic_id=None, text="hi from DM",
+                    message_id=5, chat_id=12345,
+                    supervisor=_FakeSupervisor(),
+                    project_map={},
+                    home=home,
+                    telegram_bridge=bridge,
+                )
+            self.assertEqual(tag, "dm:aisb-chat",
+                "DM must now be tagged as routed to AISB, not refused")
+            # We sent the AISB reply back via sendMessage.
             self.assertEqual(len(bridge.calls), 1)
             self.assertEqual(bridge.calls[0]["method"], "sendMessage")
             self.assertEqual(
                 str(bridge.calls[0]["fields"]["chat_id"]), "12345",
             )
-            self.assertIn("project topic", bridge.calls[0]["fields"]["text"])
+            self.assertEqual(
+                bridge.calls[0]["fields"]["text"], "hello from AISB",
+            )
+
+    def test_dm_history_is_namespaced_by_chat_id(self):
+        """Two DMs from different chats must NOT cross-contaminate history.
+        We use negative topic_ids derived from chat_id (real topics are
+        always positive Telegram forum thread IDs)."""
+        from omega_engine.daemons import telegram as T
+        from omega_engine import aisb_chat
+        from unittest import mock
+
+        class _FakeBridge:
+            def __init__(self): self.calls = []
+            def _call(self, method, fields, **_kw):
+                self.calls.append({"method": method, "fields": fields})
+                return {"message_id": 1}
+
+        class _FakeSupervisor:
+            def on_channel_message(self, t, x): return []
+
+        with tempfile.TemporaryDirectory() as td:
+            home = Path(td)
+            (home / "Agentik_Runtime").mkdir(parents=True)
+            captured: list[int] = []
+            def _fake_chat(home_arg, text, *, topic_id, record_history):
+                captured.append(topic_id)
+                return "ok"
+            with mock.patch.object(aisb_chat, "chat_once",
+                                   side_effect=_fake_chat):
+                T._route_one(topic_id=None, text="hi", message_id=1,
+                             chat_id=42, supervisor=_FakeSupervisor(),
+                             project_map={}, home=home,
+                             telegram_bridge=_FakeBridge())
+                T._route_one(topic_id=None, text="hi", message_id=2,
+                             chat_id=99, supervisor=_FakeSupervisor(),
+                             project_map={}, home=home,
+                             telegram_bridge=_FakeBridge())
+            self.assertEqual(captured, [-42, -99],
+                "DM history must be namespaced by chat_id "
+                "(encoded as negative topic_id)")
 
     def test_topic_message_records_history(self):
         from omega_engine.daemons.telegram import _route_one

package/omega/Agentik_SSOT/VERSION

@@ -1 +1 @@
-0.19.12
+0.19.14

package/omega/Agentik_SSOT/docs/LAYERS.md

@@ -1,90 +1,147 @@
 # OmegaOS Layered Architecture
 
-> Five layers. Each independently usable. All five share ONE credential:
-> the Claude Code Max OAuth token at `~/.claude/.credentials.json`.
+> Five layers. **Two independent credential domains.** **Two Telegram bots
+> with separate tokens.** Hermès sits above; AISB+Oracle+Workers stay below.
+> Each layer is independently usable.
+
+## The corrected model (v0.19.14)
 
 ```
 ┌──────────────────────────────────────────────────────────────────────┐
-│  Layer 1 ─ Human                                                     │
-│  Telegram / CLI / web — operator intent in natural language          │
-└────────────────────────────────────────┬─────────────────────────────┘
-                                         │
-┌────────────────────────────────────────▼─────────────────────────────┐
-│  Layer 2 ─ Hermes (Nous Research, opt-in)                            │
-│  Autonomous self-improving agent. Cross-platform gateway, scheduled  │
-│  automations, skill creation from experience, dialectic user model.  │
-│  Uses CLAUDE_CODE_OAUTH_TOKEN from ~/.claude/.credentials.json.       │
-│  Bridge: `omega hermes {install,link,status,ask}`                    │
-└────────────────────────────────────────┬─────────────────────────────┘
-                                         │
-┌────────────────────────────────────────▼─────────────────────────────┐
-│  Layer 3 ─ AISB (Agentik Intake Service Bus)                         │
-│  Telegram-first intake. Classifies the message, picks a topology,    │
-│  dispatches a mission to the Engine. Lives in $OMEGA_HOME.           │
-└────────────────────────────────────────┬─────────────────────────────┘
-                                         │
-┌────────────────────────────────────────▼─────────────────────────────┐
-│  Layer 4 ─ Oracle (the planner)                                      │
-│  Reads the mission, plans 1..N worker subtasks, each with a          │
-│  verify_cmd + file ownership. Persistent tmux session.               │
-└────────────────────────────────────────┬─────────────────────────────┘
-                                         │
-┌────────────────────────────────────────▼─────────────────────────────┐
-│  Layer 5 ─ Workers (executors)                                       │
-│  One per subtask. Persistent tmux session. Runs `claude -p` with     │
-│  the worker envelope + injected skill palette. Writes .done.json     │
-│  on completion. Verified by the audit gate before the parent's      │
-│  barrier resolves.                                                   │
-└──────────────────────────────────────────────────────────────────────┘
+│  Layer 1 ─ Human (you)                                               │
+│  Three doors:                                                        │
+│   1. Telegram → Hermès bot   (meta-companion, Anthropic API)         │
+│   2. Telegram → AISB bot     (OmegaOS native, Claude Max OAuth)      │
+│   3. CLI / tmux              (omega …, AISB-chat session)            │
+└────────┬───────────────────────────────────┬─────────────────────────┘
+         │                                   │
+         ▼                                   ▼
+┌──────────────────────┐         ┌────────────────────────────────────┐
+│ Layer 2 ─ HERMÈS     │         │ Layer 3 ─ AISB                     │
+│ Meta-companion,      │ ───────►│ OmegaOS intake / orchestrator      │
+│ scheduler, learner.  │ dispatch│ Classifies, picks a topology,      │
+│                      │ missions│ runs the mission.                  │
+│ Auth: ANTHROPIC_API_ │         │                                    │
+│       KEY_HERMES     │         │ Auth: Claude Max OAuth             │
+│ Bot:  TELEGRAM_TOKEN_│         │       (~/.claude/.credentials.json)│
+│       HERMES         │         │ Bot:  TELEGRAM_TOKEN_AISB          │
+│                      │         │                                    │
+│ OPT-IN  (skip if you │         │ Required for missions.             │
+│ don't want a paid    │         │ Telegram bot is optional too —     │
+│ Anthropic key)       │         │ tmux AISB-chat is the fallback.    │
+└──────────────────────┘         └─────────────┬──────────────────────┘
+                                               │
+                                               ▼
+                                  ┌────────────────────────────────────┐
+                                  │ Layer 4 ─ Oracle (planner)         │
+                                  │ Persistent tmux. Reads mission,    │
+                                  │ plans N workers with verify_cmd.   │
+                                  │ Auth: Claude Max OAuth             │
+                                  └─────────────┬──────────────────────┘
+                                                │
+                                                ▼
+                                  ┌────────────────────────────────────┐
+                                  │ Layer 5 ─ Workers (executors)      │
+                                  │ One per subtask. Persistent tmux.  │
+                                  │ Writes .done.json. Audit-gated.    │
+                                  │ Auth: Claude Max OAuth             │
+                                  └────────────────────────────────────┘
+```
+
+## Why TWO bots, TWO auth domains
+
+| Concern | Hermès (L2) | AISB+Oracle+Workers (L3-L5) |
+|---|---|---|
+| **Telegram token** | `TELEGRAM_TOKEN_HERMES` | `TELEGRAM_TOKEN_AISB` |
+| **LLM credential** | `ANTHROPIC_API_KEY_HERMES` (you pay per call) | Claude Max OAuth from `~/.claude/.credentials.json` (covered by your Max sub) |
+| **What it does** | Meta-reasoning: schedules, suggestions, learning, dispatches missions DOWN to AISB | Executes verified-completion missions inside projects |
+| **Budget risk** | You pay → bounded by your Anthropic spend limit | Claude Max — never charged per call |
+| **Failure mode if absent** | Skip Hermès → OmegaOS still works (CLI + AISB bot) | If absent, no missions → not optional |
+
+This split is intentional:
+
+1. **Budget isolation.** Hermès can run a tight schedule loop, learn from
+   observations, propose missions — without ever touching your Max quota.
+   AISB+Workers can crank through 50-step missions on Max OAuth — without
+   ever burning your Anthropic API budget.
+2. **Independent identity.** Hermès has its own Telegram username, its
+   own bot personality, its own conversation history. AISB stays
+   project-focused (one bot per OmegaOS install, topics per project).
+3. **Authority gradient.** Hermès is *above* OmegaOS — it can issue
+   commands to AISB but doesn't run inside it. AISB is *the* runtime
+   for OmegaOS missions.
+
+## Per-project Telegram structure
+
+OmegaOS treats Telegram as the operator's command surface:
+
+```
+AISB Group (Telegram supergroup with topics enabled)
+│
+├── Topic "general"               — chat with AISB, status questions
+├── Topic "project: dentistry"    — dispatch missions for the Dentistry project
+├── Topic "project: kommu"        — dispatch missions for the Kommu project
+├── Topic "project: causio"       — dispatch missions for the Causio project
+└── …                              (one topic per project, mapped in
+                                    Agentik_SSOT/projects/<slug>/registry.yaml)
 ```
 
-## Why this shape
+A message posted in a project topic = a mission for THAT project. AISB
+reads `message_thread_id` (the topic_id), looks up the slug, runs the
+mission in the project's context (cwd = project root, env =
+project-scoped secrets).
+
+Hermès operates ABOVE the group. It can:
+
+  * Receive a DM in **its own** Telegram bot from you.
+  * Decide: "this is a mission for project X" → send a message INTO
+    the AISB group's topic-X (Hermès posts as a member of the group).
+  * Or: "this is a meta-question" → answer directly via Anthropic API.
+  * Or: "this is an autonomous trigger" (cron, observation) → dispatch
+    a fresh mission into a project topic.
 
-| Layer | Role | Runtime | Credential |
-|---|---|---|---|
-| 1 | Intent | Human | n/a |
-| 2 | Autonomous companion | Hermes (Python, ~/.hermes) | Claude Max OAuth |
-| 3 | Mission intake | OmegaOS engine | Claude Max OAuth |
-| 4 | Planning | Persistent tmux + `claude -p` | Claude Max OAuth |
-| 5 | Execution | Persistent tmux + `claude -p` | Claude Max OAuth |
+## Install / secrets layout (corrected)
 
-Every layer below #1 calls Claude through the same OAuth credential. No
-API key burn, no separate auth surface, no extra account to manage. The
-token rotates server-side via the standard Claude Code refresh flow;
-every layer reads the live file (`~/.claude/.credentials.json`) on each
-call so refresh propagates automatically.
+| Vault key | Holds | Who reads it |
+|---|---|---|
+| `TELEGRAM_TOKEN_AISB` | AISB bot token (from BotFather, bot A) | `omega telegram bridge` + AISB daemon |
+| `TELEGRAM_TOKEN_HERMES` | Hermès bot token (from BotFather, bot B) | Hermès daemon only |
+| `ANTHROPIC_API_KEY_HERMES` | Hermès's own paid Anthropic key | Hermès daemon only |
+| `TELEGRAM_GROUP_ID` | AISB supergroup chat_id | AISB daemon (to scope missions) |
+| `TELEGRAM_TOKEN` | **back-compat alias** for `TELEGRAM_TOKEN_AISB` | Old install paths |
+| Claude Max OAuth | The OAuth at `~/.claude/.credentials.json` | AISB, Oracle, all Workers |
+
+Claude Max OAuth is **never duplicated in the vault** — it lives in
+`~/.claude/.credentials.json` and every layer below Hermès reads it live
+on every call so refresh rotations propagate naturally.
 
 ## Layer choice cheat-sheet
 
 | You want to | Use |
 |---|---|
-| One-shot CLI question | Layer 5 directly: `claude -p "..."` |
-| Verified-completion multi-worker mission | Layer 3-5: `omega run "..."` |
-| Recurring scheduled mission (cron) | Layer 3-5: `omega cadence schedule ...` |
-| Cross-platform chat (Telegram, Discord, …) | Layer 2: `hermes gateway` |
-| Skill creation from experience over time | Layer 2: Hermes's learning loop |
-| Long-running autonomous research | Layer 2: Hermes + scheduled task |
-| Visual codebase exploration | Sidecar: `omega ua run <project>` |
-
-## Bridges
-
-* `omega hermes` — Layer 2 ↔ rest of stack. Hermes can call OmegaOS via
-  the `omega` CLI (any of layers 3-5). OmegaOS can call Hermes via
-  `omega hermes ask "..."`.
-* `omega ua` — Understand-Anything sidecar. Builds an interactive
-  knowledge graph of any project; `omega ua consume` lands the graph
-  into the Engine's GraphRetriever so Oracle/workers can answer
-  "where in the code is X?" via Graph RAG.
-* `omega ma` — Anthropic Managed Agents (opt-in, API-key-only). NOT
-  part of the OAuth stack; only used when explicitly opted into per
-  topology entry.
+| Quick chat with the meta-companion | Hermès bot (DM) — Anthropic API |
+| Run a mission on a project | AISB project topic OR `omega run` from project dir |
+| One-shot CLI question (no orchestration) | `claude -p "..."` directly |
+| Verified-completion multi-worker mission | `omega run` / AISB topic — engages Oracle + Workers |
+| Recurring scheduled mission | `omega cadence schedule …` — wakes through AISB |
+| Cross-platform autonomous loop | Hermès (Anthropic API key, scheduled tasks) |
+| Audit a project | `/codeaudit` etc. from project — Quality Arsenal |
 
 ## What this is NOT
 
-* Hermes is not a "wrapper" around OmegaOS — it has its own loop, its
-  own skills, its own memory. The bridge gives both runtimes the
-  ability to delegate to each other.
-* Layer 2 is OPTIONAL. OmegaOS without Hermes is a complete agentic
-  OS (layers 1+3-5). Adding Hermes buys you the autonomous companion
-  + cross-platform gateway + learning loop. Removing Hermes removes
-  none of OmegaOS's verified-completion guarantees.
+* Hermès is NOT a wrapper around AISB — they're separate runtimes with
+  separate credentials and separate Telegram identities. The bridge gives
+  both the ability to delegate to each other.
+* AISB does NOT need Hermès to function. Skip Hermès install → OmegaOS
+  is a complete agentic OS with verified completion. Add Hermès when you
+  want meta-reasoning + autonomous loops above your projects.
+* The Anthropic API key Hermès uses is NOT shared with anything else.
+  AISB+Oracle+Workers stay on Max OAuth, always.
+
+## v0.19.x evolution
+
+| Version | Change |
+|---|---|
+| v0.18  | Single OAuth model (Hermès on Claude Max) |
+| **v0.19.14** | **Split: Hermès on `ANTHROPIC_API_KEY_HERMES`; AISB on Max OAuth; two Telegram bots** |
+| (planned v0.19.15+) | Dedicated Hermès daemon (its own poll loop), Hermès→AISB dispatch verbs |

package/omega/Agentik_SSOT/docs/references/README.md

@@ -0,0 +1,17 @@
+# References
+
+Operator-curated source-of-truth documents that OmegaOS skills + Genesis
+consume by name. Drop a new version of any file here and it propagates
+to every project at the next `omega sync`.
+
+## Active references
+
+| File | Consumed by | Topic |
+|---|---|---|
+| `CLAUDE-DESKTOP-FRONTEND-ARCHITECTURE.md` | `/desktop-architecture`, Genesis stack `claude-dashboard`, refonte audit | Premium desktop / dashboard UI architecture, the "Claude / Linear / Vercel / Stripe / Elevenlabs" canon |
+
+## Format
+
+Plain Markdown. No frontmatter needed — these are reference docs, not
+SKILL.md. Headings should be self-describing so skills can extract
+sub-sections by regex if needed.

package/omega/Agentik_SSOT/skills/desktop-architecture/SKILL.md

@@ -0,0 +1,61 @@
+---
+name: desktop-architecture
+description: >
+  Reference skill — pull the canonical Claude Code-grade desktop/dashboard
+  architecture (`Agentik_SSOT/docs/references/CLAUDE-DESKTOP-FRONTEND-ARCHITECTURE.md`)
+  and apply it to a project. Triggers on "desktop architecture", "Claude
+  dashboard", "Claude desktop", "premium dashboard", "comme Linear / Vercel
+  / Stripe / Elevenlabs", "dashboard senior", "claude stack". Use whenever
+  the user asks for a dashboard refonte or a new project that needs the
+  Claude-grade desktop look.
+when_to_use: >
+  User mentions "desktop architecture", "Claude dashboard", "Claude desktop
+  stack", or asks for a dashboard rebuild "comme Claude / Linear / Vercel /
+  Stripe / Elevenlabs". Also triggers automatically when the Genesis stack
+  picker selects the `claude-dashboard` preset.
+allowed-tools: Read Grep Glob
+---
+
+# /desktop-architecture — pull the canonical Claude dashboard reference
+
+This skill loads the **Claude Desktop Frontend Architecture** reference
+document from the SSOT and applies its principles to the current task.
+
+## What it does
+
+1. Reads `$OMEGA_HOME/Agentik_SSOT/docs/references/CLAUDE-DESKTOP-FRONTEND-ARCHITECTURE.md`
+2. Extracts the relevant section (components, layout, motion, palette,
+   typography, density, navigation, command palette, etc.)
+3. Applies it as the design contract for the requested task:
+   - **Refonte audit** — score the current UI against this contract
+   - **Genesis** — when stack = `claude-dashboard`, the PRD, branding and
+     design-system phases derive their tokens from this doc
+   - **Component builder** — when a worker generates a new dashboard
+     screen, it references the layout primitives from this doc first
+
+## Triggers (any of these in a user prompt invoke me)
+
+- `desktop architecture`
+- `Claude desktop` / `Claude dashboard` / `Claude stack`
+- `premium dashboard` / `dashboard senior`
+- `comme Linear` / `comme Vercel` / `comme Stripe` / `comme Elevenlabs`
+- `refais le dashboard` / `redesign dashboard` (combined with project name)
+
+## Where it lives
+
+The reference doc itself lives at:
+`$OMEGA_HOME/Agentik_SSOT/docs/references/CLAUDE-DESKTOP-FRONTEND-ARCHITECTURE.md`
+
+It's the single source of truth — when Gareth refreshes the document
+(e.g. new components, new motion language), every project re-reads it
+on next `/desktop-architecture` invocation. No fork, no drift.
+
+## How to refresh the reference
+
+The operator drops a new version into the SSOT path above, then runs:
+
+```bash
+omega sync     # projects to ~/.claude/skills/<id>/
+```
+
+Workers spawned after the sync pick up the new content automatically.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentikos/omega-os",
-  "version": "0.19.12",
+  "version": "0.19.14",
   "description": "Omega OS — installable agentic operating system with verified-completion orchestration. Event-sourced engine, 8-block rack, autonomous agents, MCP.",
   "bin": {
     "omega-os": "bin/omega-os.js"